It’s not paranoia if someone really is out to get you. That’s an exaggeration of findings of a new survey of IT pros, the majority of whom just assume that governments are snooping into their corporate data.
More specifically, 62 percent of respondents polled at the big Infosec Europe conference said they think the government is looking at their stores of corporate data. What’s notable about that is that the show (and the survey) took place in April, two months before the blockbuster Edward Snowden disclosures about the U.S. National Security Agency’s data gathering operations. Of course, there were earlier indications of massive data gathering from three former NSA officials-turned-whistle blowers.The survey results were released Friday and showed that well over half of the 300 IT pros responding simply expect Big Brother to be peering at their stuff. Over half of the respondents work for big enterprises (with more than 5,000 employees) in the financial services, retail, healthcare and insurance businesses. The survey was sponsored by Voltage Security, which is using it to promote the need to protect sensitive financial, customer or employee data as well as corporate intellectual property, for its entire life span.
According to a Voltage statement, the only way to provide the necessary levels of security to guard against data loss, either through surveillance, a malicious attack, or an inadvertent disclosure is through a data-centric security program. The same holds true, presumably, for government-sanctioned surveillance.
The whole PRISM and Tempura government data collection efforts by the U.S. and U.K. respectively are being parlayed by any number of interested parties to further their goals. For example, encryption companies say the only way to prevent snooping by government operatives or others is to fully encrypt all data — assuming the government doesn’t have the keys. And E.U.-based telcos, hosting providers and cloud companies are using outrage over NSA data gathering to aggressively promote the use of E.U.- based clouds built by E.U.-based companies.
All of this controversy will be front and center at Structure: Europe in London, where several sessions will focus on cloud security post-PRISM.